Some time ago, the ICO issued an action (might have been a penalty, but could be an enforcement) in which they disregarded a data processing agreement and deemed that an organisation was acting as a controller, despite the fact the ...
Discy Latest Questions
![[Deleted User]](https://secure.gravatar.com/avatar/?s=96&d=mm&r=g "[Deleted User]"){kind=avatar}
Is there a difference between the EU GDPR and UK GDPR? Does EU GDPR somehow apply now in the UK?
As part of our day to day business we carry out various forms of customer servce. This may entail phone calls, emails, discretionary offerings (not via marketing but in response to long service/commitment or complaints). Would you expect processing ...
Hi I have “customers” who live all over the world. We process their data in the UK and EU. I understand that I need to comply with UK & EU GDPR but do I also need to comply with ...
We are working with an independent financial advisor who will be acting as a broker for our death in service benefits. Am I right in thinking that in this capacity they would be acting as our data processor?
I have been asked to provide unlimited and permanent access to a former employees emails by his manager. This is to review any prior client conversations. I suggested other ways to access this information such as key word email searches ...
Good afternoon, Could I have your thoughts on – Lets say for this purpose our Business Continuity Director wants access to Director level/above personal address/email address and contact number so that they can be contacted outside of work should they need ...
Poll Results
Participate in Poll, Choose Your Answer.
Given we have a lovely deadline of getting these into place by mid 2023, how are you and or your organisations getting on with this activity .. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/
My organisation does not carry out any automated decision making. We “profile” data subjects to target them for marketing purposes, i.e. we have a new product and look at who may be interested in it based on their previous ...
How would you tackle an incident where data was sent to multiple unintended distribution lists externally and no response comes back to confirm that data was deleted? Thanks